Sunday, January 23, 2011

Mozilla blocks Skype's Firefox-crashing add-on


Mozilla has barred a Skype extension for Firefox, accusing it of causing 40,000 browser crashes a week and of dramatically slowing page-load times.

"We believe that both of these items constitute a major, user-facing issue, and meet our established criteria for blocklisting an add-on," Mozilla said in a blog post yesterday. Because the extension is installed by default when Skype's main software is installed, a "large number of Firefox users who have installed Skype have also installed the Skype Toolbar, knowingly or unknowingly," Mozilla said.

Mozilla is in contact with Skype programmers and will restore the extension's privileges if the problems are addressed, the organization said.

In a statement, Skype said it's resolving the problem.

"Based on our initial investigation, we know that downloading the new client will fix for most users any compatibility issues, and are working with Mozilla to ensure that there are no other compatibility issues. We are sorry for any inconvenience this has caused our users," the company said.

The Skype toolbar extension, bundled with the Skype software for making audio and video calls over the Internet, highlights phone numbers in Web pages to make it easier to call them with Skype. Those who really like it can still run the toolbar, Mozilla said: "The blocklist entry will be a 'soft block,' where the extension is disabled and the user is notified of the block and given the option to re-enable it if they choose. It's also important to note that the Skype application itself will continue to work as it always has; only the Skype Toolbar within Firefox is being disabled."

Source: news.cnet.com

Apple App Store reaches 10 billion downloads


Less than three years after its launch, the Apple App Store reached its goal of 10 billion downloads.

To promote the milestone, Apple promised to give away a $10,000 App Store gift card to whoever buys the 10 billionth download.

The store launched in July 2008 with just 500 apps and now touts the availability of more than 350,000 free and paid apps for the iPhone, iPad, and iPod Touch. Growth of the store's popularity has been swift; in its first nine months, the store hit 1 billion downloads and followed that up with 5 billion downloads in June 2010.

The App Store has been such a resounding success for mobile computing that Apple's competitors have been forced to launch similar ventures. Google, Microsoft, Research In Motion, Nokia, and Samsung all offer apps through their own app storefronts.

But the venture has not been without controversy. Early on, Apple's app approval process often frustrated developers, who were sometimes left in the dark about the reason an app was rejected. But Apple recently announced plans to allow developers to create applications with just about any tool they want and to publish its App Store Review Guidelines.

Internet Explorer 9 to add ActiveX filtering


The upcoming release candidate of Microsoft's Internet Explorer 9 browser is said to include a new feature that will let users selectively pick which parts of Web pages can load ActiveX elements.

According to the blog WinRumors, which is citing its own sources, the security-focused feature will be included in the first release candidate for IE9, which is expected to arrive later this month. The filter will come in the form of a toggle that sits alongside the recently announced tracking protection feature, the one that blocks third parties from tracking user behavior from site to site. Together, the two features would give users more control over what can be done by individual pieces of the page.

When asked about the arrival of the feature, Microsoft declined to comment beyond saying, "Microsoft has not released this Internet Explorer 9 code to the public and we caution consumers and businesses that downloading software (including workarounds) from a non-genuine source can pose risks to their environment."

ActiveX has had a long history as an integral part of Internet Explorer. Since its introduction in the mid-'90s, the technology played an important part in giving site makers ways to build increasingly interactive Web applications. But at the same time, ActiveX also became a means for sites and individuals to run exploits and other malicious code through the browser. Microsoft responded by beefing up IE's default security settings for ActiveX content, requiring user approval to run plug-ins, and implementing a blacklist to keep known malicious controls from loading. If implemented, this security feature would be another layer on top of these protective measures.

IE9 has been in beta since mid-September of last year, and has proven to be a popular download among users, with the most recently released numbers pegging downloads north of 20 million.

Source: news.cnet.com

Wednesday, December 29, 2010

Mozilla exposes older user-account database

Mozilla has disabled 44,000 older user accounts for its Firefox add-ons site after a security researcher found part of a database of the account information on a publicly available server.

The file had passwords obscured with the now-obsolete MD5 hashing algorithm, which has been rendered cryptographically weak and which Mozilla scrapped for the more robust SHA-512 algorithm as of April 9, 2009. The older database didn't end up anywhere dangerous, Mozilla believes.

"We were able to account for every download of the database. This issue posed minimal risk to users, however, as a precaution we felt we should disclose this issue to people affected and err on the side of disclosure," said Chris Lyon, Mozilla's director of infrastructure security, in a blog post about the database exposure yesterday.

Mozilla notified affected users of the problem by e-mail yesterday, it said. "Current addons.mozilla.org users and accounts are not at risk," Lyon said.

Password security has become a more prominent concern after a hack of Gawker blog sites earlier this month. Even with passwords obscured by strong hash algorithms, user names can be valuable in further hack attempts, especially when people reuse the same password on multiple sites.

"Unique passwords are a requirement, not a luxury," said Chester Wisniewski of security firm Sophos in a blog post about the event.

Source: news.cnet.com